<?php
	require_once("_inc/functions.php");
	require_once("_inc/form_functions.php");
	require_once("_inc/connection.php");
	
	if (($_SERVER['HTTP_HOST']==$_SERVER['SERVER_NAME']) && $_SERVER['REQUEST_METHOD']=="POST") {

		if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
			$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
		}else {
			if ($_SERVER['REMOTE_ADDR']!="192.168.10.254") {
				$ip = $_SERVER['REMOTE_ADDR'];
			}
		}

		$errors = array();
		// perform validations on the form data limit to 30 charector
		// $required_fields = array('password',);
		// $errors = array_merge($errors, check_required_fields($required_fields, $_POST));
		
		// $fields_with_lengths = array('password' => 20);
		// $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));

		if ( empty($errors) ) {
	
			$data['f'] = "0";
			$password = trim(mysql_prep(htmlentities($_POST['password'])));
			$hashed_password = sha1($password);
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT `level` FROM `user`";
			$query .= " WHERE `hpwd` = '{$hashed_password}'";
			$query .= " AND `staff` = 0";
			$query .= " AND `visible` = 1";
			$query .= " LIMIT 1";
			mysql_query("SET NAMES 'utf8'",$connection); 
			$result = mysql_query($query,$connection);
			confirm_query($result);
			if (mysql_num_rows($result) == 1) {						
				$row = mysql_fetch_assoc($result);

				if ($row['level']==1) {
					web($ip);
				}
				if ($row['level']==2) {
					torrent($ip);
				}

				$referer = exec("echo \"{$_POST['referer']}\" | sed 's/[^=]*=//'");
				$data['f'] = "1";
				if ($_POST['referer']=="") {
					$data['url'] = "http://www.google.com";
				}else {
					$data['url'] = "{$referer}";
				}
				

			}
			
			$output = json_encode($data);
			echo $output;

			
		}
	}
	
	mysql_close($connection);

?>